Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Centralized linux system log analyzer?!
Special Forums UNIX and Linux Applications Infrastructure Monitoring Centralized linux system log analyzer?! Post 302566439 by jabalv on Thursday 20th of October 2011 11:06:03 AM
Old 10-20-2011
Quote:
Originally Posted by Neo
My experience is that zabbix is more flexible than logzilla... and neither is really what I would call 'great' for analysis.

Remember, collecting, aggregating and filtering "events" is not really "analysis"; and neither is simple "event triggering" based on simple pattern matching rules.

When I look at logzilla (as in zabbix), I don't see any analysis capabilities; only aggregation, filtering, and simple rule based pattern matching. This is really not "analysis" in my view.

For example, "analysis" would be a software process that can detect, from Apache2 log files, when an IP address is a "bot" (web spider) without looking at the user agent (UA). This is not easy in the general case and requires some pretty sophisticated analysis over time.
Yeah, I`m using zabbix too. But I can`t get it work well with log files. I only use it for specified process, event, etc.. I wrote bash scripts and then use zabbix trapper. Zabbix is good for system monitoring, but not for log files I think.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Centralized syslog server

I have a syslog server running Solaris 5.9 that is used exclusively to receive log messages from several thousand Cisco devices. The syslog server is and has been running fine for several months.. I would like to take all messages logged from the Cisco devices on this server and forward them... (2 Replies)
Discussion started by: getwithrob
2 Replies

2. UNIX for Dummies Questions & Answers

centralized unix user management

Does it exist centralized tools on unix for managing users of all servers (like windows AD) ? (1 Reply)
Discussion started by: astjen
1 Replies

3. UNIX for Dummies Questions & Answers

how to configure centralized log server

hi, i am beginner i am using small lan setup all machine fc 6 and fc7 8 and fedora 9 also i want to know how to configure centralized log server on fedora 9 step by step any one help me Thanks (0 Replies)
Discussion started by: poswer
0 Replies

4. HP-UX

HP UX Syslog Analyzer

Hi everybody I need to analyze syslog file in HP UX Is there any log analayzer for this file? Regards (3 Replies)
Discussion started by: m_arab
3 Replies

5. UNIX for Advanced & Expert Users

Need help on setting up Centralized Server

Hello All, I am working on SuSe Linux Platform. Some times ago i got an issue with an application for which i had to update that in all desktops (SLED == SuSe Linux Desktop). Since this time number of desktops were less then it was possible to go and update package manually. But in... (1 Reply)
Discussion started by: shirsha
1 Replies

6. IP Networking

Best iptables log analyzer?

Hello all, i want to view my iptables log on web interface, with chart (in option, and this is not my priority). What is the best program for this? I have Ubuntu server. Thanks ! :) (0 Replies)
Discussion started by: Pacifiste95
0 Replies

7. AIX

Accessing files on AIX system from Linux system

I have a following requirement in production system 1 : LINUX User: abcd system 2: AIX (it is hosting a production DB) Requirement user abcd from system 1 should have read access on archive log files created by DB on system 2. The log files are created with permissions 540 by user ora ,... (2 Replies)
Discussion started by: amitnm1106
2 Replies

8. Programming

Linux/Solaris System Administrator to become a Linux/Solaris System Programmer?

Hi all What is the qualification required by Linux/Solaris System Administrator to become a Linux/Solaris System Programmer as to gain complete knowledge on computers. Thanks (1 Reply)
Discussion started by: Tlogine
1 Replies

9. Shell Programming and Scripting

Log file analyzer, super basic sh file

Hello! I have a small shell project that is due next week, that I'd appreciate some help with. task: Write a shell program that can analyze at least 2 types of log files and print them in an easily readable way. Make it so that you can switch between log file types. The two file types should be... (1 Reply)
Discussion started by: malfiory
1 Replies

10. Homework & Coursework Questions

Log file analyzer, super basic sh program

Hello! I'd like some help with this assignment. 1. The problem statement, all variables and given/known data: 1)Write a shell script that can uses two types of files as inputs, apache.log and apache.error.log 2)Make it so that you can switch between the two file types 3)Make it so that the... (5 Replies)
Discussion started by: malfiory
5 Replies

LEARN ABOUT CENTOS

zabbix_selinux

zabbix_selinux(8)					       SELinux Policy zabbix						 zabbix_selinux(8)

NAME

       zabbix_selinux - Security Enhanced Linux Policy for the zabbix processes

DESCRIPTION

       Security-Enhanced Linux secures the zabbix processes via flexible mandatory access control.

       The  zabbix processes execute with the zabbix_t SELinux type. You can check if you have these processes running by executing the ps command
       with the -Z qualifier.

       For example:

       ps -eZ | grep zabbix_t

ENTRYPOINTS

       The zabbix_t SELinux type can be entered via the zabbix_exec_t file type.

       The default entrypoint paths for the zabbix_t domain are the following:

       /usr/bin/zabbix_server,	/usr/sbin/zabbix_proxy,   /usr/sbin/zabbix_server,   /usr/sbin/zabbix_proxy_mysql,   /usr/sbin/zabbix_proxy_pgsql,
       /usr/sbin/zabbix_server_mysql, /usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_proxy_sqlite3, /usr/sbin/zabbix_server_sqlite3

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy  governs	the  access confined processes have to files.  SELinux zabbix policy is very flexible allowing users to setup their zabbix
       processes in as secure a method as possible.

       The following process types are defined for zabbix:

       zabbix_agent_t, zabbix_t

       Note: semanage permissive -a zabbix_t can be used to make the process type zabbix_t permissive. SELinux does not deny access to	permissive
       process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux policy is customizable based on least access required.  zabbix policy is extremely flexible and has several booleans that allow you
       to manipulate the policy and run zabbix with the tightest access possible.

       If you want to determine whether zabbix can connect to all TCP ports, you must turn on the zabbix_can_network boolean. Disabled by default.

       setsebool -P zabbix_can_network 1

       If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the  authlo-
       gin_nsswitch_use_ldap boolean. Disabled by default.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean. Disabled by default.

       setsebool -P daemons_dump_core 1

       If you want to enable cluster mode for daemons, you must turn on the daemons_enable_cluster_mode boolean. Enabled by default.

       setsebool -P daemons_enable_cluster_mode 1

       If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean. Disabled by default.

       setsebool -P daemons_use_tcp_wrapper 1

       If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default.

       setsebool -P daemons_use_tty 1

       If  you	want  to  deny	any  process  from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on  the	domain_kernel_load_modules  boolean.  Disabled	by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.

       setsebool -P kerberos_enabled 1

       If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.

       setsebool -P nis_enabled 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Enabled by default.

       setsebool -P nscd_use_shm 1

NSSWITCH DOMAIN

       If  you	want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the zabbix_agent_t, zab-
       bix_t, you must turn on the authlogin_nsswitch_use_ldap boolean.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to allow confined applications to run with kerberos for the zabbix_agent_t, zabbix_t, you must  turn  on  the  kerberos_enabled
       boolean.

       setsebool -P kerberos_enabled 1

PORT TYPES

       SELinux defines port types to represent TCP and UDP ports.

       You can see the types associated with a port by using the following command:

       semanage port -l

       Policy  governs	the  access  confined processes have to these ports.  SELinux zabbix policy is very flexible allowing users to setup their
       zabbix processes in as secure a method as possible.

       The following port types are defined for zabbix:

       zabbix_agent_port_t

       Default Defined Ports:
		 tcp 10050

       zabbix_port_t

       Default Defined Ports:
		 tcp 10051

MANAGED FILES

       The SELinux process type zabbix_t can manage files labeled with the following file types.  The paths listed are the default paths for these
       file types.  Note the processes UID still need to have DAC permissions.

       cluster_conf_t

	    /etc/cluster(/.*)?

       cluster_var_lib_t

	    /var/lib/pcsd(/.*)?
	    /var/lib/cluster(/.*)?
	    /var/lib/openais(/.*)?
	    /var/lib/pengine(/.*)?
	    /var/lib/corosync(/.*)?
	    /usr/lib/heartbeat(/.*)?
	    /var/lib/heartbeat(/.*)?
	    /var/lib/pacemaker(/.*)?

       cluster_var_run_t

	    /var/run/crm(/.*)?
	    /var/run/cman_.*
	    /var/run/rsctmp(/.*)?
	    /var/run/aisexec.*
	    /var/run/heartbeat(/.*)?
	    /var/run/cpglockd.pid
	    /var/run/corosync.pid
	    /var/run/rgmanager.pid
	    /var/run/cluster/rgmanager.sk

       root_t

	    /
	    /initrd

       zabbix_log_t

	    /var/log/zabbix(/.*)?

       zabbix_tmp_t

       zabbix_tmpfs_t

       zabbix_var_lib_t

	    /var/lib/zabbixsrv(/.*)?

       zabbix_var_run_t

	    /var/run/zabbix(/.*)?

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls

       Policy  governs	the  access  confined processes have to these files.  SELinux zabbix policy is very flexible allowing users to setup their
       zabbix processes in as secure a method as possible.

       STANDARD FILE CONTEXT

       SELinux defines the file context types for the zabbix, if you wanted to store files with these types in a diffent paths, you need  to  exe-
       cute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.

       semanage fcontext -a -t zabbix_agent_exec_t '/srv/zabbix/content(/.*)?'
       restorecon -R -v /srv/myzabbix_content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for zabbix:

       zabbix_agent_exec_t

       - Set files with the zabbix_agent_exec_t type, if you want to transition an executable to the zabbix_agent_t domain.

       Paths:
	    /usr/bin/zabbix_agentd, /usr/sbin/zabbix_agentd

       zabbix_agent_initrc_exec_t

       - Set files with the zabbix_agent_initrc_exec_t type, if you want to transition an executable to the zabbix_agent_initrc_t domain.

       zabbix_exec_t

       - Set files with the zabbix_exec_t type, if you want to transition an executable to the zabbix_t domain.

       Paths:
	    /usr/bin/zabbix_server,  /usr/sbin/zabbix_proxy,  /usr/sbin/zabbix_server, /usr/sbin/zabbix_proxy_mysql, /usr/sbin/zabbix_proxy_pgsql,
	    /usr/sbin/zabbix_server_mysql, /usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_proxy_sqlite3, /usr/sbin/zabbix_server_sqlite3

       zabbix_initrc_exec_t

       - Set files with the zabbix_initrc_exec_t type, if you want to transition an executable to the zabbix_initrc_t domain.

       zabbix_log_t

       - Set files with the zabbix_log_t type, if you want to treat the data as zabbix log data, usually stored under the /var/log directory.

       zabbix_tmp_t

       - Set files with the zabbix_tmp_t type, if you want to store zabbix temporary files in the /tmp directories.

       zabbix_tmpfs_t

       - Set files with the zabbix_tmpfs_t type, if you want to store zabbix files on a tmpfs file system.

       zabbix_var_lib_t

       - Set files with the zabbix_var_lib_t type, if you want to store the zabbix files under the /var/lib directory.

       zabbix_var_run_t

       - Set files with the zabbix_var_run_t type, if you want to store the zabbix files under the /run or /var/run directory.

       zabbixd_var_lib_t

       - Set files with the zabbixd_var_lib_t type, if you want to store the zabbixd files under the /var/lib directory.

       Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to  use
       the semanage fcontext command.  This will modify the SELinux labeling database.	You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage port can also be used to manipulate the port definitions

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), zabbix(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8), zabbix_agent_selinux(8), zabbix_agent_selinux(8)

zabbix								     14-06-10							 zabbix_selinux(8)
All times are GMT -4. The time now is 04:51 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy